With the rapid growth of computer network technology in general, network security has become a major concern. Security in a networked environment is commonly implemented using a firewall, a server or appliance configured to detect threats to prevent certain types of unauthorized network communications such as computer viruses.
A RADIUS server generally handles authentication on a switch. RADIUS-attributes are applied at the completion of authentication or re-authentication. As such, it may not be possible to modify in real-time any filters applied via the RADIUS-attributes. Additionally, threat filtering may be applied by a threat detection server or appliance, for example via simple network management protocol (SNMP). Although SNMP may be used to alter a switch configuration after a threat is detected, the threat detection rules used by the server may be generalized to a class of device in order to handle multiple sampling streams simultaneously. As such, the threat detection rules may not be host device-specific. Moreover, firewalls may be configured to intercept traffic at a gateway between two networks to check data packets, and to block unwanted traffic from entering or exiting the network. One type of firewall runs on a gateway device positioned on the boundary between two networks, such as a router. These types of network security provide protection to the network from attackers and rogue devices but may not directly protect host devices from the network.
Another type of firewall is a personal firewall which is typically implemented as a software application running on a personal computer (PC) or other host device connected to the network, for example, via a network switch. The personal firewall filters network traffic for a single device. However, filtering at the host device may consume significant resources. Resource consumption may be heightened in an attack scenario for example during a denial of service (DOS) attack.